Sony faced a setback in its campaign to control what software can run on its PlayStation 3 after hackers published one of the cryptographic keys that forms the core of the security scheme locking down the game console.

The so-called LV0 key, released by a crew calling itself "The Three Musketeers," grants access to the one of the most sensitive parts of the PS3. Its availability should make it easier for hackers and modders to work around restrictions Sony places on the console. The key can be used to decrypt future security updates Sony issues for the console and to incorporate those changes into custom firmware packages not authorized by the Japanese company. Sony has long discouraged the use of custom firmware by, among other things, blocking consoles that use them from connecting to the PlayStation Network.

The Three Musketeers said they discovered the LV0 key some time ago and only published it after a separate hacking group was using the code to build and sell its own custom firmware called BlueDiskCFW. Their post appears to be available here.

"You can be sure that if it wouldn’t have been for this leak, this key would never have seen the light of day," the group wrote in a note accompanying the key, according to a post published on Tuesday to PlayStationLifeStyle.net. "Only the fear of our work being used by others to make money out of it has forced us to release this now."

Release of the key is only the latest attack on a security regimen that many PS3 users took as an affront to their self-proclaimed what they argued is their right to use the console as they saw fit. Early efforts to seize control from Sony included PSJailbreak, which was a USB stick that allowed games to be fully installed to, and played from, the system's included hard drive. In late 2010, a group calling itself fail0verflow described ways work through the PS3's various security levels, which include a chain of trust, a hypervisor, and signed executables. The group ultimately located the ECDSA signature, a private cryptographic key the console uses to authorize high-level operations.

Working independently of the group, hacker George Hotz soon matched the fail0verflow feat by discovering and publicly releasing the metldr keys that could be used to trick the system into running unauthorized programs. Sony sued the New Jersey-based Hotz over the disclosure, but eventually agreed to drop the controversial lawsuit in exchange for promises he would curtail all future attempts to unlock the game console.

It remains unclear just how damaging the key's release will be to Sony's attempts to stop the running of pirated games and other types of unauthorized software on the PS3. Nate Lawson, a cryptographer and the principal of the Root Labs security consultancy, said the disclosure represents a setback for Sony in its attempt to control what end users can and can't do with the console.

"They're going to have to depend on obfuscation as their primary security measure to keep people from decrypting their updates," he told Ars. "It's a cat-and-mouse game that's now more closely in the favor of the attackers. But Sony has plenty of things they can still do. It's just another link in the chain."

Promoted Comments

We've gone way too far down the road of letting manufacturers dictate usage terms of people's devices. Whatever lets people take back control of their devices is a good thing.

I always found this argument funny only because after homebrewing my Wii I kind of actually [and sadly] get their point: people do this sh*t not to establish their right over their product, they simply do it to simply play hacked, modded games so they don't have to pay for it. And yes it's not 100% but I'm sure it's pretty close to that and yeah you CAN argue that games shouldn't be that much either. But people seem to ignore you wouldn't get good games like Borderlands, Elder Scrolls or Fallout without the budget that comes from what you pay AND even if they discounted the game you'd still be suckered into expansion maps, extra items, etc.

It's like buying a PC and the reality between the consumer and manufacturer is so distorted its like a play: Consumer: I want a PC that does it all!Manufacturer: So what did you want?Consumer: Oh wait I also want to spend as little as possible so is $300 good enough?Manufacturer: (really who the f**k is this d**k?) Sorry sir/ma'am it's gonna cost more...

That's who we are, we want to pay as little as possible and no I'm not white knighting when I say, just pay for your sh*t people and that's it. Do you really, honestly think Sony would be out to waste their money encrypting a system if they didn't think enough people were modding it to get their stuff for free? Hey I think theaters are over-priced but I just do the matinee for $5 instead of seeing it at night and paying $18.50.

...Ready for any "hitler" comments or flames lol~

Before you get downvoted to eternity, I'm just going to put it out there that I agree.

The "we can do what we want with _our_ hardware" argument has a modicum of merit to it; but the reality is, for every 1 Geo Hotz that wants to run Linux on his playstation and play GNUChess there are 20 people that will simply take the rootkit and use it to play pirated games.

We've gone way too far down the road of letting manufacturers dictate usage terms of people's devices. Whatever lets people take back control of their devices is a good thing.

I always found this argument funny only because after homebrewing my Wii I kind of actually [and sadly] get their point: people do this sh*t not to establish their right over their product, they simply do it to simply play hacked, modded games so they don't have to pay for it. And yes it's not 100% but I'm sure it's pretty close to that and yeah you CAN argue that games shouldn't be that much either. But people seem to ignore you wouldn't get good games like Borderlands, Elder Scrolls or Fallout without the budget that comes from what you pay AND even if they discounted the game you'd still be suckered into expansion maps, extra items, etc.

It's like buying a PC and the reality between the consumer and manufacturer is so distorted its like a play: Consumer: I want a PC that does it all!Manufacturer: So what did you want?Consumer: Oh wait I also want to spend as little as possible so is $300 good enough?Manufacturer: (really who the f**k is this d**k?) Sorry sir/ma'am it's gonna cost more...

That's who we are, we want to pay as little as possible and no I'm not white knighting when I say, just pay for your sh*t people and that's it. Do you really, honestly think Sony would be out to waste their money encrypting a system if they didn't think enough people were modding it to get their stuff for free? Hey I think theaters are over-priced but I just do the matinee for $5 instead of seeing it at night and paying $18.50.

...Ready for any "hitler" comments or flames lol~

Where your logic really fails is the part where Sony removes paid for features, not for the customers benefit, but to offset some made up reason as to why their games are not selling so well, (that may not be the real reason but it seems like it to me). I really don't like my property being stolen from me. I paid for my shit and Sony took it back. Where is the justice in that. And by the way, I don't remember being informed that an update would brick my system. Sony is receiving their justice.

As a Linux user, I never get this self entitlement argument everyone throws around.

When you buy computer hardware, it's yours, do with it as you want. If you want to clone the latest Linux kernel and build your own system level drivers, good for you!

When you buy a Playstation, Xbox, or Wii type of device, yes you own the hardware - you do NOT own the software. That is a license that allows you to run specific software (games) through YOUR hardware, in THEIR playground. If they want to change their playground, they can change it and you can cry about it all you want, but you are playing in their sandbox. You don't have the right to go in and mess with their software. You don't. You can try to justify it all you want by saying they changed their original promises so you should be able to get that back, but you only own a license to use that software, in whatever shape or form they give it to you as. That agreement you just press next, next, next, until you can play a game, yeah, it's in there.

Ahh jeeze. Here comes another stupid required firmware update that will take 10 minutes to download and install instead of play a game or watch a movie. I like my PS3 but I get really tired of these stupid updates that do nothing for me.

Can anyone tell me, will this enable cfw to be installed on more than what is possible currently? I would love to hack a ps3, I have one sitting here collecting dust in a closet.

It should enable bumping the firmware to an older version (still looking into that myself), allowing home brew software to be encoded and thus loaded, re-enable linux by encoding a linux loader for instance. Unfortunately it will also enable boot legged copies of games and that will send Sony into another snit fit spiral of doom.

I would be interested if they would release a new PS3 slim-ish (whatever it is called now) that is linux only. Granted the graphics are horribly outdated and the Cell BE is long in the tooth and is a dead end design, I would buy one just to play with linux on it.

Since I rarely turn mine on anymore, much less allow it to connect to the network, it could be a net gain for them. Removing linux (other os) support convinced me to buy an Xbox360. And the Xbox360 UI fiasco has convinced me to switch back to a PC for games. Linux and Steam for the win.

I actually would use this to play PS2 games, not to allow unauthorized games or other Operating Systems. >_>

Sorry, PS2 games on a PS3 are only available on the initial two releases. The first had a chip to enable PS2 emulation and the second had software system to perform that emulation.

That's interesting. In the diagram provided to this article you can see the lower box numbered 2 that it has a bunch of PS2 emulator related items. Is the diagram old, or is the PS2 software emulator still in the PS3 systems and just disabled in some way? It would be awesome if one could re-enable the PS2 emulation again.

I actually would use this to play PS2 games, not to allow unauthorized games or other Operating Systems. >_>

Sorry, PS2 games on a PS3 are only available on the initial two releases. The first had a chip to enable PS2 emulation and the second had software system to perform that emulation.

That's interesting. In the diagram provided to this article you can see the lower box numbered 2 that it has a bunch of PS2 emulator related items. Is the diagram old, or is the PS2 software emulator still in the PS3 systems and just disabled in some way? It would be awesome if one could re-enable the PS2 emulation again.

Even the more software driven PS2 emulation required additional hardware. The original PS3 models provided both a PS2 CPU and GPU. The second PS3 model only provided the PS2 GPU with the CPU being emulated. thus even if you were to unlock the PS2 emulation software, it'd still require a hardware component not found inside PS3 for the past several years.

I love how Sony and those sympathetic to Sony use the word "attacker" as if these people are committing violent acts of aggression against Sony. Just another day in corporate use of semantics to evoke snap emotional reactions that make them appear that they are helpless, innocent victims of brutes and thugs.

I find this "Release of the key is only the latest attack on a security regimen that many PS3 users took as an affront to their self-proclaimed right to use the console as they saw fit." Offensive.

It is a piece of hardware, you buy it, you own it. since when does a company maintain any property rights in the hardware they have sold? and it is a sale, not a rental or a lease. Of course you should have the right to use it as you see fit. It is not self proclaimed when it is the status quo that has been generally accepted for property for thousands of years, It is a realistic expectation of a purchase that a greedy and control hungry company wants to avoid.

Maybe I'm mistaken but the law is that you are legally allowed to hack your devices but you can't spread the tools or info to do so online. Then Sony terms of service you agreed to when using the psn is that you aren't running unofficial software.

I'm not saying I agree with Sony's decisions but I think people should argue about the right things. Wanting more open access to a device I own is something I agree with. The ability to hack it and play online where the modifications you made affects the enjoyment of others is just as bad as Sony allowing no access.

Since I rarely turn mine on anymore, much less allow it to connect to the network, it could be a net gain for them. Removing linux (other os) support convinced me to buy an Xbox360. And the Xbox360 UI fiasco has convinced me to switch back to a PC for games. Linux and Steam for the win.

Oddly it was the lack of interesting games and graphics capability that convinced me to spend less and less time on the 360.

I never entirely got the point of Other OS. If I wanted to fiddle around with operating systems I have a real computer for that. Sure the PS3 can get close but eh, not the same. Really just seemed like a Blu-ray player with a couple games on it I didn't already have. Which honestly I've considered buying one but never get the motivation, articles like this don't help a whole lot either usually.

AbsoluteChaos92 wrote:

I'm not saying I agree with Sony's decisions but I think people should argue about the right things. Wanting more open access to a device I own is something I agree with. The ability to hack it and play online where the modifications you made affects the enjoyment of others is just as bad as Sony allowing no access.

There needs to be a middle ground.

I believe that's refusing to let modded machines on their network, as long as they can detect them that SHOULD be enough if they simply let people do whatever else they want. On the other hand it seems the PS3 design once you get creative gives you a bit to much power over others. At least that's the impression I've gotten from every reaction of theirs, bad design choices.

Then again back in the day I played my unmodded NES, enjoyed it, and never felt the need to tinker with it. Then again maybe this is why Nintendo has lagged behind hard with online functionality and I don't touch their products anymore.

I actually would use this to play PS2 games, not to allow unauthorized games or other Operating Systems. >_>

Sorry, PS2 games on a PS3 are only available on the initial two releases. The first had a chip to enable PS2 emulation and the second had software system to perform that emulation.

That's interesting. In the diagram provided to this article you can see the lower box numbered 2 that it has a bunch of PS2 emulator related items. Is the diagram old, or is the PS2 software emulator still in the PS3 systems and just disabled in some way? It would be awesome if one could re-enable the PS2 emulation again.

Even the more software driven PS2 emulation required additional hardware. The original PS3 models provided both a PS2 CPU and GPU. The second PS3 model only provided the PS2 GPU with the CPU being emulated. thus even if you were to unlock the PS2 emulation software, it'd still require a hardware component not found inside PS3 for the past several years.

Thanks for that. I had forgotten about the additional GPU. When the slim came out I bought one for my daughter and her family. It was made clear it would never be able to play PS2 games.

We've gone way too far down the road of letting manufacturers dictate usage terms of people's devices. Whatever lets people take back control of their devices is a good thing.

I don't own a PS3 but I tend to agree with this sentiment... if you sell me something then its mine... to do with as I please... even sell on to someone else, modify, trash, fly to the moon, etc.

As a software developer I feel that should apply to software to... this whole 'license' business is just a scam to beat money out of users. Its reasonable to not allow copying or running multiple copies... but the one copy I do run should be mine to do with as I please (be it modify, trash, sell to someone else, etc).

Maybe I'm mistaken but the law is that you are legally allowed to hack your devices but you can't spread the tools or info to do so online. Then Sony terms of service you agreed to when using the psn is that you aren't running unofficial software.

I'm not saying I agree with Sony's decisions but I think people should argue about the right things. Wanting more open access to a device I own is something I agree with. The ability to hack it and play online where the modifications you made affects the enjoyment of others is just as bad as Sony allowing no access.

There needs to be a middle ground.

Wouldn't it be the same if I hacked it myself or asked the hackers to give me the tools because... I will still decide what to do with my console? Whether I give you the bullets or I pull the trigger, it's the same analogy. Point is moot. Pirating or playing downloaded .iso's is another thing though.

We've gone way too far down the road of letting manufacturers dictate usage terms of people's devices. Whatever lets people take back control of their devices is a good thing.

I always found this argument funny only because after homebrewing my Wii I kind of actually [and sadly] get their point: people do this sh*t not to establish their right over their product, they simply do it to simply play hacked, modded games so they don't have to pay for it. And yes it's not 100% but I'm sure it's pretty close to that and yeah you CAN argue that games shouldn't be that much either. But people seem to ignore you wouldn't get good games like Borderlands, Elder Scrolls or Fallout without the budget that comes from what you pay AND even if they discounted the game you'd still be suckered into expansion maps, extra items, etc.

It's like buying a PC and the reality between the consumer and manufacturer is so distorted its like a play: Consumer: I want a PC that does it all!Manufacturer: So what did you want?Consumer: Oh wait I also want to spend as little as possible so is $300 good enough?Manufacturer: (really who the f**k is this d**k?) Sorry sir/ma'am it's gonna cost more...

That's who we are, we want to pay as little as possible and no I'm not white knighting when I say, just pay for your sh*t people and that's it. Do you really, honestly think Sony would be out to waste their money encrypting a system if they didn't think enough people were modding it to get their stuff for free? Hey I think theaters are over-priced but I just do the matinee for $5 instead of seeing it at night and paying $18.50.

We've gone way too far down the road of letting manufacturers dictate usage terms of people's devices. Whatever lets people take back control of their devices is a good thing.

I always found this argument funny only because after homebrewing my Wii I kind of actually [and sadly] get their point: people do this sh*t not to establish their right over their product, they simply do it to simply play hacked, modded games so they don't have to pay for it. And yes it's not 100% but I'm sure it's pretty close to that and yeah you CAN argue that games shouldn't be that much either. But people seem to ignore you wouldn't get good games like Borderlands, Elder Scrolls or Fallout without the budget that comes from what you pay AND even if they discounted the game you'd still be suckered into expansion maps, extra items, etc.

It's like buying a PC and the reality between the consumer and manufacturer is so distorted its like a play: Consumer: I want a PC that does it all!Manufacturer: So what did you want?Consumer: Oh wait I also want to spend as little as possible so is $300 good enough?Manufacturer: (really who the f**k is this d**k?) Sorry sir/ma'am it's gonna cost more...

That's who we are, we want to pay as little as possible and no I'm not white knighting when I say, just pay for your sh*t people and that's it. Do you really, honestly think Sony would be out to waste their money encrypting a system if they didn't think enough people were modding it to get their stuff for free? Hey I think theaters are over-priced but I just do the matinee for $5 instead of seeing it at night and paying $18.50.

...Ready for any "hitler" comments or flames lol~

Before you get downvoted to eternity, I'm just going to put it out there that I agree.

The "we can do what we want with _our_ hardware" argument has a modicum of merit to it; but the reality is, for every 1 Geo Hotz that wants to run Linux on his playstation and play GNUChess there are 20 people that will simply take the rootkit and use it to play pirated games.

Not sure what Hitler has to do with anything, but in any discussion of "my rights", "my responsibilities" get's left out. Maybe more people demonstrating they have the maturity to handle responsibility will get the corresponding rights.

I love free and open access to devices. Unfortunately, any major hack of the PS3 will translate to the maximum abuse possible in online gaming.

I'll stick myself firmly in the "corporate, greedy, blindfolded, imprisoned" camp on this one because locking the PS3 is the only way to ensure that I get the online gaming experience I paid for and not have to worry about the dredge who devote their time to cheating and hacking and ruining everyone's online experience, just because they can.

Hi Dan, as someone else pointed out, in the sentence where you crossed out 'their self-proclaimed' you come off as being rude. Dimishing a rational argument is hardely objective reporting. If you fail to see the point, what would you say if I started out this post simiarly? Let's see.

Hi Dan, you fucking idiot, as someone else pointed out.... woops, scratch 'you fucking idiot.' (the insult was increased to show the point, but even a milder insult is still more unprofessional than Ars has ever been). In the future, if you notice an error that you have made, it's better to just get rid of it.

Save the crossing our for important things like *facts* that may have been initially wrong. No one should berate you for catching an incorrect fact and leaving it in, but corrected (for archival and search purposes). Ideally insulting a group you disagree with shouldn't even happen, but if it does, apologize and get rid of it (actually I haven't seen an apology about this).

Be respectful to your audiance sir, even the small portion you don't fully agree with. Past Ars reporters have usually done this very well and it's part of why I used to love this site.

We've gone way too far down the road of letting manufacturers dictate usage terms of people's devices. Whatever lets people take back control of their devices is a good thing.

I totally have no problem with people using their devices in whatever way works for them, as long as they stay the fuck off the PSN. The network needs to be a sterile environment in order to allow a level playing field and minimize griefers ruining online gaming.

This makes me wonder exactly what Sony's response will be, other than the aforementioned firmware update. They can't seem to get a break, but then again............strong arm tactics like suing George Hotz really pissed off some of the worst kind of people.

This seems to be more of a Streisand effect now than anything. It's going to keep getting broken, once they tried to tighten that grip.

I totally have no problem with people using their devices in whatever way works for them, as long as they stay the fuck off the PSN. The network needs to be a sterile environment in order to allow a level playing field and minimize griefers ruining online gaming.

Why do you assume a rooted console means someone is cheating? PC online gaming has cheaters, they kick/ban em (not that the system there is perfect either, but on a well manged [or my personal] server the problem is minimal).

I understand the need to not want cheaters on the PSN, however attempting to prevent root isn't the best way to go about this. The better way is to have code written well enough that expoits are hard to make and a good admin interface to kick/ban any trouble makers (or something like vote kicking).

I totally have no problem with people using their devices in whatever way works for them, as long as they stay the fuck off the PSN. The network needs to be a sterile environment in order to allow a level playing field and minimize griefers ruining online gaming.

Why do you assume a rooted console means someone is cheating?

I doesn't assume that everyone with a rooted console will be cheating, but allowing rooted consoles on the same network makes cheating and griefing significantly more likely. And there are no shortage of people who WILL take advantage of it. Keep the environment and the accessing machines locked down and you minimize this.